A targeted malicious PyPI package named 'lr-utils-lib' has been identified as a new threat to macOS users. This package, reported by darkreading and The Hacker News, steals Google Cloud credentials, posing a significant risk to both individual developers and enterprises. The discovery highlights the ongoing cybersecurity challenges faced by developers and the importance of vigilance in software package management.